Why echo 'password' | sudo -S sudo -s does not work whereas echo 'password' | sudo -S mount -a works?
Oliver Grawert
ogra at ubuntu.com
Mon Feb 8 12:37:51 UTC 2021
hi,
Am Montag, den 08.02.2021, 11:29 +0800 schrieb 孙世龙 sunshilong:
> >
> I hope to change the (effective) user as root and then execute
> several(maybe, a lot) commands that normal could not handle, e.g:
> chown.
>
are you aware that sudo (at least in Ubuntu) keeps the elevated
privileges for 15min ?
if you have a script with a ton of sudo calls only the first one will
ask for the password, so as long as all your sudo related steps are
done within 15min you should be fine without such echo hackery ...
in general it is not so clever from a security POV to store a user
password in a shell variable or in cleartext on disk and it is also
often considered malicious/rude behaviour to exec root stuff without
the user knowing ...
... that said, what you really want in such cases is to use the
SUDO_ASKPASS variable (that *must* point to a separate script) and
"sudo -A" to make your sudo calls use it...
Create a script to ask the password (myaskpass.sh) i.e. for a graphical
popup:
---
#!/bin/bash
zenity --password --title=Authentication
---
Then make sure to have this export line at the beginning of your script
and call sudo with -A:
---
export SUDO_ASKPASS="/path/to/myaskpass.sh"
sudo -A <command>
---
ciao
oli
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20210208/1a6d7bcd/attachment.sig>
More information about the ubuntu-users
mailing list